The Internet has become a place over which unwanted, potentially harmful, and otherwise unsolicited data traffic is transmitted. Since complex computer systems and networks may not always be configured securely, and the installed software on computer systems often contains software defects and other vulnerabilities, they have become a target for intruders seeking to obtain unauthorized access or even outright control of a computer system.
This phenomenon has given rise to an industry providing various tools for “defending” networks, servers and computer workstations against such traffic, while allowing legitimate traffic to pass unhindered. A “firewall” is typically software that is installed in a network node; traffic passing through a firewall is inspected by first intercepting each packet and applying a set of rules to determine whether the packet should pass or be stopped. A firewall may be implemented in a networked computer such as a server or a workstation, as well as in dedicated nodes such as network access nodes and routers.
The functionality of a firewall may range from simple address filtering in which packets with predetermined source addresses or ranges of addresses are discarded, to more complex processes, which include: discriminating traffic on the basis of the protocol, for example ICMP (Internet Control Message Protocol), UDP (User Datagram Protocol), TCP (Transmission Control Protocol), etc; filtering based on source and destination ports of each packet; tracking the connection state to determine protocol violations; and the like. If needed, more sophisticated filtering may be done on the basis of the message content itself, so called “deep” packet inspection. Many computer systems which have firewall protection nonetheless have a window of vulnerability during the system startup, or during network reconfiguration where packets may be processed contrary to intended policy, possibly compromising or damaging the computer system.
This window of vulnerability occurs during boot operation, between the time at which system network drivers are configured and the later time at which normal user applications and higher level system management services controlling the network security policy may be activated.
There is also a window of vulnerability when network cards are added or reconfigured on the system while the system has been shut down. In this situation, a computer system may start up with a new network card that has no firewall protection until an administrator updates the network security policy.
One existing solution to this problem is to apply a provisional policy enabling only limited network access during boot operation. However, such a policy may not be sufficient or may be too liberal, thus causing problems with normal system startup, or still exposing the computer system to some undesired access or attack during boot operation.
Accordingly, there is a need for an improved method and system for protecting a computer system during boot operation.